Cybersecurity is a huge risk for businesses and a serious concern for managers, as recent high-profile online hack attacks demonstrate. With cybercrime now costing Australian businesses more than $1 billion annually, the question being asked is whether protection of an organisation’s digital assets should be left solely with the IT department. Recent cyber attacks have demonstrated that cybercrime can have a deep and prolonged impact. But for non-IT executives, understanding the intricacies of cybersecurity can seem as elusive as the shadowy characters behind the attacks.
It is the responsibility of senior management to make all staff aware of the need for vigilance when it comes to cybersecurity. Without that support, it is as difficult as scaling Mount Everest backwards on a unicycle – it is probably physically possible, but you never hear of anyone achieving success.
Operational responsibility for defending against cybercrime usually resides with the Chief Information Officer or Chief Information Security Officer (CISO). At Woolworths Limited this role is held by cybersecurity veteran Pieter van der Merwe. “I think it is, in particular, the responsibility of senior management to make all staff aware of the need for vigilance when it comes to cybersecurity,” van der Merwe says. “Without that support, it is as difficult as scaling Mount Everest backwards on a unicycle – it is probably physically possible, but you never hear of anyone achieving success.”
Van der Merwe says the task is comparable to the campaigning that drove awareness of occupational health and safety issues over the past 100 years. “Every person in the organisation has a responsibility, and it is the role of the CISO to articulate that responsibility appropriately,” he says.
Cyber attack in the headlines
Recent attacks have clearly demonstrated why non-IT executives should take cybercrime seriously. An attack on Sony Pictures in late 2014, reputedly launched by North Korea, led to the leaking of numerous confidential documents and intellectual property, including unreleased films. That hack cost Sony tens of millions of dollars.